The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
IEEE

Content Security Policy Deployment Issues Related to Third-party Scripts among Builder ...

Abstract: Content Security Policy (CSP) is a leading security mechanism for mitigating content injection attacks such as Cross-Site Scripting (XSS). However, CSPs are not widely deployed on websites, ...